03-25-2013 01:00 PM
I have a 3200 controller used for RAP connectivity that has been successfully running 184.108.40.206. I wanted to upgrade to 220.127.116.11 to get it up to the same version as our other controllers & in preparation of a future memory upgrade to go to 6.2 for RAP-3 support. When I boot into 18.104.22.168 the controller comes back fine, but no RAPs can connect or can be provisioned against it. All interfaces appear to be up, but seems like the RAPs cannot connect to the outside interface. I then downgrade to 22.214.171.124 & RAP connectivity is restored. Per the release notes you need to have at least a high version of 5.X in order to jump to 126.96.36.199 so we should be good there. Looking for some insight as to what could be causing this.
03-25-2013 01:26 PM - edited 03-25-2013 01:35 PM
When you try to upgrade, type "show datapath session table | include 4500" to see if the ipsec connections are coming in.
If you see them, type "show crypto ipsec sa" to see if any connections are making an ipsec security association.
If yes, find one "inner ip address" of an access point and type "show datapath session table <inner ip address of that access point>".
Most of the time, you are missing ftp in the ap-acl, which is normally required for an upgrade...
Please see the article here for a possible solution https://arubanetworkskb.secure.force.com/pkb/artic
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
03-25-2013 02:11 PM - edited 03-25-2013 02:12 PM
If Colin's suggestion doesn't work:
What version RAPs do you have? If RAP-5s, did you follow the release notes about flashing the backup-partition? See below:
Upgrading With RAP-5 and RAP-5WN APs
If you have completed the first upgrade hop to the latest version of ArubaOS 5.0.4.x and your WLAN includes RAP-5/RAP-5WN APs, do not proceed until you complete the following process. Once complete, proceed to step 5 on page 69. Note that this procedure can only be completed using the controller’s command line interface.
1. Check the provisioning image version on your RAP-5/RAP-5WN Access Points by executing the show ap image version command.
2. If the flash (Provisioning/Backup) image version string shows the letters rn, for example, 188.8.131.52-rn-3.0, note those AP names and IP addresses.
3. For each of the RAP-5/RAP-5WN APs noted in the step2, upgrade the provisioning image on the backup flash partition by executing the following command: apflash ap-name <Name_of_RAP> backup-partition. The RAP-5/RAP-5WN reboots to complete the provisioning image upgrade.
4. When all the RAP-5/RAP-5WN APs with a 3.3.2.x-based RN provisioning image have successfully upgraded, verify the provisioning image by executing the following command: show ap image version. The flash (Provisioning/Backup) image version string should now show a version that does not contain the letters “rn”, for example, 184.108.40.206.
If you omit the above process or fail to complete the flash (Provisioning/Backup) image upgrade to 5.0.4.x and the RAP-5/RAP-5WN was reset to factory defaults, the RAP will not be able to connect to a controller running ArubaOS 220.127.116.11 and upgrade its production software image.
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX